VMware Hybrid Cloud Extension (HCX) Overview

VMware Hybrid Cloud Extension (HCX) is probably one of the coolest VMware products that many people
still don’t know about. Even among virtualization experts, very few people
really know what it is and what it can do.

In a nutshell, VMware HCX is a SaaS offering that combines
a set of network features that provide what is referred to as “Infrastructure
Hybridity”. These features ease the challenges around connecting on-premises
data centers and cloud, delivering infrastructure hybridity for vSphere 5.0 and
newer versions.

For anyone who has had to do migrations from one environment to another with minimal downtime (that
means no downtime to management and the AppDev teams, right?!), you know that there is a myriad of networking variables
that can affect even the best plan. Well, good news! VMware HCX can solve those
challenges, making migrations simple and pain free.

HCX provides a
solution for two use cases: on-premises to Public Cloud and on-premises to
on-premises connectivity. Despite on-premises to Public Cloud being useful, I
believe the on-premises to on-premises use case will see more demand overall,
particularly for migration purposes.

To that point, VMware has added HCX to NSX Enterprise Plus edition and has changed the name to NSX Hybrid
Connect. No confusion there, right?

I’m going to cover details
of the common use cases and then do an overview of the components that make up
the solution. Finally, I’ll call out a couple of things to be aware of with
certain configurations.

Use Cases

Migration: This is, hands down, the most common use
case for HCX. Modern data centers have become very complex, sometimes having
hundreds of dependencies for the virtual infrastructure and applications. Anyone
who’s gone through an application dependency mapping exercise knows it’s not
trivial. And, with all of the integrations that are now so prevalent in virtual
environments, it’s nearly impossible to upgrade one product/solution without affecting
other components or solutions.

And then, what happens
when upgrading isn’t an option? For instance, I have customers that still run vSphere
5.1 and/or that have hardware that is well past EOL. In cases like these,
choosing migration over upgrading may be the best way for a customer to move
forward with modernizing their environment.

For those that have chosen to accept an excessive amount of technical
debt (those that have chosen to stay on vSphere 5.x), fear not, all of the HCX features
are supported with vSphere 5.x and above.

Hybrid Cloud: Another area that customers are looking at
very closely right now is Hybrid Cloud Adoption. HCX helps solve a number of
challenges associated with adopting Hybrid Cloud. For example, with HCX there
is no need to wait for carriers to provision WAN circuits for things like AWS
Direct Connect, and no need to upgrade networking hardware or modify
on-premises networking to extend L2 networks to the cloud.

Disaster Recovery: HCX also provides
the ability to protect workloads at primary or secondary sites for Disaster Recovery.
You can even run test and planned failovers, then reverse the replication and
execute failback. If you have experience with VMware Site Recovery Manager, this
will sound familiar. However, HCX is not (currently) a replacement for SRM, more
like a lite version. HCX can do scheduled migrations between source and
destination sites, but it does not have the robust orchestration capabilities
that SRM has.

Product Features

Moving on to more specifics about HCX product features, here’s
what it currently offers:

HCX Replication Assisted vMotion: Also known as Cloud
Motion, this new migration type combines the capabilities of Bulk Migration
(parallel operations, resiliency, and scheduling) with HCX vMotion (zero
downtime virtual machine state migration).

The migration begins with the
replication of the virtual machine’s disks. As with Bulk migration, virtual
machines can be migrated in parallel, and the switchover is configurable on a
schedule.

During the RAV switchover phase,
vMotion is engaged for migrating the disk delta data and virtual machine state.

This feature is currently in preview for VMware Cloud
on AWS customers and has additional requirements.

HCX Network Extension (VLAN and VXLAN)

HCX Network Extension provides
a High-Performance (4–6Gbps) service to extend Virtual Machine networks to an
HCX enabled remote site. Virtual Machines that are migrated or created on the
extended segment at the remote site are Layer 2 adjacent to virtual machines on
the source network.

Network Extension allows your virtual machines to retain
their IP and MAC addresses and their existing network policies (when
used with HCX Migration).

HCX automatically deploys the Remote Site appliance
whenever a local appliance is deployed (i.e. the Network Extension service
appliances are always deployed as a pair).

Note: By default, when using Network Extension, the default gateway for the extended network only exists at the source site. Routed traffic from Virtual Machines on the remote side of extended networks will return to the source site gateway.

HCX Network Extension with Proximity Routing

Proximity Routing builds
on HCX Network Extension by integrating with NSX Routers at the HCX Cloud
destination site and dynamically injecting VM routes into the routing protocols.
This allows ingress traffic from the local and remote data centers to use an
optimal path to reach the extended Virtual Machine, while ensuring all flows
remain symmetric.

The Proximity Routing
feature is toggled on during the HCX Network Extension operation, but be aware
that there are additional requirements to leverage this feature.
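The difference between the default gateway behaviour in the note above and Proximity Routing can be modelled as a longest-prefix-match lookup. This is an added example, not VMware code: the addresses, site names and the use of /32 host routes for the injected "VM routes" are assumptions, and the model is deliberately simplified to one extended subnet.

```python
import ipaddress

# Constructed sample topology: one extended /24 and two VMs on it.
EXTENDED_NET = ipaddress.ip_network("10.10.20.0/24")
VM_LOCATION = {                    # site where each VM actually runs
    "10.10.20.11": "source",       # not migrated
    "10.10.20.12": "remote",       # migrated onto the extended segment
}

def build_routes(proximity_routing):
    """Return prefix -> site whose router attracts traffic for that prefix."""
    # Default behaviour: the gateway for the extended network exists only at the source site.
    routes = {EXTENDED_NET: "source"}
    if proximity_routing:
        # Assumption: injected VM routes are /32 host routes for VMs at the remote site.
        for ip, site in VM_LOCATION.items():
            if site == "remote":
                routes[ipaddress.ip_network(ip + "/32")] = "remote"
    return routes

def ingress_path(dst_ip, routes):
    """Longest-prefix match, then an L2 hop over the extension if the VM is at the other site."""
    addr = ipaddress.ip_address(dst_ip)
    best = max((net for net in routes if addr in net), key=lambda net: net.prefixlen)
    entry_site = routes[best]
    path = [entry_site + "-router"]
    if VM_LOCATION[dst_ip] != entry_site:
        path.append("network-extension-tunnel")   # traffic hairpins between sites
    path.append(VM_LOCATION[dst_ip] + "-vm")
    return path

def crosses_tunnel(dst_ip, proximity_routing):
    """True when routed ingress traffic must cross the L2 extension to reach the VM."""
    return "network-extension-tunnel" in ingress_path(dst_ip, build_routes(proximity_routing))

if __name__ == "__main__":
    for pr in (False, True):
        for ip in VM_LOCATION:
            print("proximity_routing=%s %s: %s" % (pr, ip, " -> ".join(ingress_path(ip, build_routes(pr)))))
```

The entry router in each path is also the point where routed traffic to the VM is filtered and logged, so it is worth knowing which site that is before and after a migration.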

HCX Disaster Recovery

HCX Disaster Recovery provides
a simple and easy to manage solution that can protect VMs deployed on-premises
or in a public cloud like VMC on AWS.

HCX is the management plane of the platform. It
comprises a virtual management component at the source
and destination sites, and up to three types of HCX Interconnect service
appliances which, when combined, provide Infrastructure Hybridity.

HCX services are deployed
as virtual appliances at the source site, with a corresponding peer appliance deployed
at the remote site.

HCX Manager

There are two versions of HCX Manager defined for HCX
Architecture – Source or Destination. The
key differences between them are pretty minor, but important to understand.

HCX Enterprise Manager is always a source type. It is responsible for integration
with the on-premises vCenter and for installation of the HCX plugin into the
vSphere Web Client. After HCX Enterprise Manager is paired with a remote site
it enables the deployment of the other HCX components.

HCX Cloud Manager is part of VMware’s HCX
for Cloud model. With this model, the CSP deploys HCX Cloud and a tenant
deploys HCX Enterprise on-premises. HCX Cloud is always deployed as a destination type.

NSX Hybrid Connect is VMware’s HCX for
Private Cloud model. With this model the tenant deploys both source and
destination HCX Managers.

To clarify, here’s what that looks like in the different
scenarios:

On-premises to Public Cloud

On-premises to on-premises

From a management standpoint there are a couple of things to
be aware of.

First, even though HCX Manager is paired with a vCenter
server when it is deployed at the remote site, there is no HCX Web Client
plugin installed in the remote vCenter, so all HCX configuration and migration
activities must be completed from the source site.

Second, the HCX Manager GUI at the remote site does provide
disaster recovery capabilities, but it can only be used during an actual
disaster recovery event where the source site is unavailable.

HCX WAN Interconnect

VMware has taken vMotion
and vSphere Replication and merged them into a single appliance solution that
provides encrypted replication and vMotion based migration capabilities over
the Internet and direct connect to a target site, along with traffic
engineering, and virtual machine mobility.

HCX WAN Optimization

If you look at the details, you may notice that it is a
customized Silver Peak WAN Optimization virtual appliance. It improves the
performance of the WAN and Internet links by compressing and deduplicating the
migration traffic. On top of that, the WAN Optimization appliance uses path
conditioning techniques, such as Adaptive Forward Error Correction and
Real-Time Packet Order Correction, to minimize the number of retransmits and
increase overall performance of the network between sites.

HCX Network Extension

The HCX Network Extension virtual appliance extends L2
broadcast domains to the remote sites over an encrypted tunnel. This allows VMs
to keep the same IP and MAC address during migration.

Network Extension with Proximity Routing enabled
ensures that forwarding between virtual machines connected to extended and
routed networks, both on-premises and in the cloud, is symmetrical.

In Summary …

HCX removes many of the barriers that have kept
businesses from realizing a variety of multi-site and multi-cloud solutions. My
opinion is that HCX is going to become a key component in VMware’s push to pave
the way to not only Public and Hybrid Cloud, but on-premises multi-site designs
as well.